authorThomas Lenz <thomas.lenz@egiz.gv.at>2017-11-21 12:43:57 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 15:44:47 +0100
commitd82e0c848f7c82aa9edf28ca55a68de82b19c88c (patch)
tree9f83bb41190e0a619a1f287b2d35c67e1bc3ea69
parent2e41e68813cab482713ba55a792fce74ddb4f094 (diff)
add eIDAS request validation regarding minimum data-set and SPType
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java18
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java47
2 files changed, 51 insertions, 14 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index d975b6e0a..74cf665ca 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -22,10 +22,17 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
import org.apache.xml.security.signature.XMLSignature;
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.signature.SignatureConstants;
+import at.gv.egovernment.moa.id.data.Trible;
+
/**
* @author tlenz
*
@@ -119,4 +126,15 @@ public class Constants {
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128 + ";" +
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
+ public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(new ArrayList<URI>() {
+ private static final long serialVersionUID = 1L;
+ {
+ add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri());
+ add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri());
+ add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri());
+ add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri());
+ }
+ });
+
+
}
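Review bot: `NATURALPERSONMINIMUMDATASETLIST` is built with double-brace initialization, which declares an anonymous `ArrayList` subclass (hence the `serialVersionUID`) and repeats the `eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions` qualifier four times; `Collections.unmodifiableList(Arrays.asList(...))` over the four `getNameUri()` values yields the same read-only list without the extra class, at the cost of one more `java.util.Arrays` import in the import hunk above. Because the list is a `static final` field, any failure in those spec lookups would surface as an `ExceptionInInitializerError` on first use of `Constants` rather than at the validation site, which is worth a short comment such as `// minimum data-set for natural persons (eIDAS SAML attribute profile); resolved at class load`. The hunk ends at the closing brace of the `Constants` class.
```java
/** Name URIs of the eIDAS minimum data-set for natural persons; resolved at class load. */
public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(Arrays.asList(
        NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri(),
        NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri(),
        NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri(),
        NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri()));
```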
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 1ce900ebb..8fb81082f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.eidas;
import java.io.IOException;
import java.io.StringWriter;
+import java.net.URI;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -62,6 +63,7 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
import eu.eidas.auth.commons.protocol.IResponseMessage;
import eu.eidas.auth.commons.protocol.eidas.IEidasAuthenticationRequest;
@@ -302,7 +304,37 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
}
-
+ //validate service-provider type from eIDAS request
+ String spType = null;
+ if (eIDASSamlReq.getSpType() != null)
+ spType = eIDASSamlReq.getSpType();
+
+ if (MiscUtil.isEmpty(spType))
+ spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc);
+
+ if (MiscUtil.isNotEmpty(spType))
+ Logger.debug("eIDAS request has SPType:" + spType);
+ else {
+ Logger.warn("eIDAS request and eIDAS metadata contains NO 'SPType' element.");
+ throw new EIDASAuthnRequestProcessingException("eIDAS.06",
+ new Object[]{"eIDAS request and eIDAS metadata contains NO 'SPType' element."});
+
+ }
+
+ //validate if minimal data-set if it is not fully requested
+ //TODO: must be tested!!!!
+ ImmutableAttributeMap reqAttrList = eIDASSamlReq.getRequestedAttributes();
+ for (URI el : Constants.NATURALPERSONMINIMUMDATASETLIST) {
+ if(reqAttrList.getAttributeValuesByNameUri(el) == null) {
+ Logger.warn("Minimum data-set attribute: " + el + " is not requested.");
+ throw new EIDASAuthnRequestProcessingException("eIDAS.06",
+ new Object[]{"eIDAS request does not contain all attributes of minimum data-set for natural person"});
+
+ }
+ }
+
+
+
//*************************************************
//***** store eIDAS request information *********
//*************************************************
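Review bot: `reqAttrList` from `eIDASSamlReq.getRequestedAttributes()` is dereferenced inside the loop without a null check, so unless the eIDAS API guarantees a non-null map, a request that carries no RequestedAttributes fails with a NullPointerException instead of the intended `EIDASAuthnRequestProcessingException("eIDAS.06")`; guarding with `if (reqAttrList == null || reqAttrList.getAttributeValuesByNameUri(el) == null) {` keeps the rejection on the validated path. The `//TODO: must be tested!!!!` marker above the loop should be resolved or replaced by a tracked issue before this lands, and the comment above it reads better as `//validate that the minimum data-set for natural persons is fully requested`. Both the missing-SPType branch and the incomplete-data-set branch throw the same code "eIDAS.06" with only the free-text argument differing, which is fine if that code is a generic request-validation error but worth confirming against the message catalogue. The enclosing method starts and ends outside the hunk.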
@@ -335,19 +367,6 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
// - memorize OA config
pendingReq.setOnlineApplicationConfiguration(oaConfig);
-
- // - memorize service-provider type from eIDAS request
- String spType = null;
- if (eIDASSamlReq.getSpType() != null)
- spType = eIDASSamlReq.getSpType();
-
- if (MiscUtil.isEmpty(spType))
- spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc);
-
- if (MiscUtil.isNotEmpty(spType))
- Logger.debug("eIDAS request has SPType:" + spType);
- else
- Logger.info("eIDAS request and eIDAS metadata contains NO 'SPType' element.");
} catch (MOAIDException e) {
Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());